We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Data breach trends in the financial services sector

Speaking at a recent event to mark Data Protection Day, the Data Protection Commissioner, Helen Dixon, confirmed that the number of breach notifications relating to low level breaches (e.g. 2 in 1 envelope errors), particularly from the financial services sector, remained high in 2014.

According to a recent survey carried out by the Irish Computer Society, more than half of Irish companies say that they have suffered a data breach in the last 12 months. The survey has identified that the most common threat to keeping data secure is employee or human error.

The 2013 Annual Report published by the Office of the Data Protection Commissioner (“ODPC”) confirmed the ODPC received over 900 notifications in relation to postal breaches in that year. A high percentage of these breaches were as a result of human error (e.g. mail merge issues, inaccurate addresses, 2 in 1 enveloping etc.).

Companies must ensure that employees are properly trained so as to raise or ensure an adequate level of data protection awareness exists within an organisation. This is of particular importance where data of a financial or sensitive nature is at risk as the effects of a breach can become even more distressing for the individual.

The ODPC has approved the Personal Data Security Breach Code of Practice which reflects recommended best practice when dealing with incidents of loss of control of personal data, or putting it at risk of such loss. A breach notification system should be in operation in all organisations to ensure that incidents are identified and managed appropriately and that they address how and when to notify the ODPC of breaches. The breach should be investigated fully and the cause determined and recorded so that any developing trends can be identified and potential gaps in training, practices or procedures can be rectified.

Compare jurisdictions: BYOD: Bring Your Own Device

"I use the newsfeeds to follow legislative changes and industry trends relevant to my division. I find the articles to be of a good quality and the topics are well researched and presented in a very user-friendly format."